Legal Business Blogs

Sponsored briefing: Recovering from a data breach and the role of legal experts

The data breach landscape is ever-changing and being aware of the latest threats is imperative for responding effectively to a data breach.

According to TransUnion’s recent research [i], IT professionals from UK organisations see phishing attempts as the most likely data breach risk in the coming years, with 47% putting it among their top threats. Hybrid and remote working – and the lower level of oversight on security that comes with it – were also named a top future risk by 36%.

When faced with a data breach, the road to recovery for an organisation can be challenging – from grappling with financial losses and reputational ramifications to addressing the impact to technical infrastructure. Handling the situation quickly and properly is paramount and legal support is an important aspect of any response and remediation plan.

Getting a head start with preparation

Industry estimates suggest the highest total cost of a data breach in the United Kingdom is more than £4m and grew 8.1% year-on-year between 2021 and 2022 [ii]. And while data breaches can vary in scale and size, such figures reinforce the importance of seeking the right legal advice at the right time.

The legal sector plays a crucial role in helping organisations plan ahead and run through their incident response plan. Such a plan should outline the steps that a business should take in the event of a data breach, including how to identify the breach, contain it and notify affected customers or stakeholders.

With a well-designed response strategy, businesses can limit the potential damage caused by the breach. For example, having data-driven technological solutions that help protect customer information, such as TransUnion’s TrueIdentity, means organisations can provide credit and dark web monitoring, as well as credit alerts for individuals wishing to keep an eye on credit information and quickly spot anything suspicious.

All this helps to demonstrate that the business has taken active steps to reduce the likelihood of customers’ personal information being compromised. As well as playing a key role in helping to retain trust and protect the consumer, this can also help protect the business from a legal and regulatory perspective.

Every second counts

In the case of an incident, the role that legal support can play varies. This includes notifying the relevant authorities such as the Information Commissioner’s Office (ICO) in certain instances – which must happen within 72 hours of becoming aware of the breach, where feasible [iii] – as well as providing valuable guidance on how to effectively communicate the data breach to consumers.

Using dedicated data breach support solutions, legal firms can help to ensure that individuals are notified promptly, with clear communications about the incident and its potential impact on their personal data. This can assist organisations in maintaining customer trust and loyalty and even strengthen customer relationships in the long run, as well as mitigating the impact and guarding against any potential escalation, fines or liabilities.

By getting communications right, businesses can not only reduce the risk of third-party lawsuits but also minimise the reputational damage caused by the data breach. Data breach lawyers can also support organisations if they are faced with any legal claims, such as for not being able to prevent consumer personal data from being compromised, or an ICO investigation.

TransUnion partners with law firms to help notify potentially impacted customers and provide consumers with information that addresses their queries, as well as offering credit monitoring and dark web monitoring alerts to reduce the likelihood of harm being done to a customer’s identity.

Find out more about how TransUnion’s Data Breach Support Service can help organisations to be better prepared for a data breach and protect consumers, by visiting our website.

Mark Read, head of data breach solutions at TransUnion in the UK



i. Based on research conducted on behalf of TransUnion, between 27 October and 2 November 2022, among a sample of 500 IT professionals working in UK businesses across a range of sectors including banking/finance, information, insurance, law, retail, construction, manufacturing and more

ii. IBM’s Cost of a Data Breach 2022 Report suggests that the highest average total cost of a breach in the United Kingdom was USD $5.05m, up from USD $4.67m, an increase of USD $0.38m, or 8.1%. USD $5.05m is equal to £4.07m, according to currency convertor, checked 26 Jan 2023

iii. According to guidelines from Personal data breaches | ICO, accessed 25 Feb 2023